Detections
Analytics
RHEL 5 : flash-plugin (RHSA-2010:0464)
high Nessus Plugin ID 63935
Language:
Synopsis
The remote Red Hat host is missing a security update.Description
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 Supplementary.The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities are detailed on the Adobe security pages APSA10-01 and APSB10-14, listed in the References section.
Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially crafted SWF content. (CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188)
An input sanitization flaw was found in the way flash-plugin processed certain URLs. An attacker could use this flaw to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially crafted web page. (CVE-2010-2179)
A denial of service flaw was found in the way flash-plugin processed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash.
(CVE-2008-4546)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.1.53.64.
Solution
Update the affected flash-plugin package.See Also
https://access.redhat.com/security/cve/cve-2008-4546
https://access.redhat.com/security/cve/cve-2009-3793
https://access.redhat.com/security/cve/cve-2010-1297
https://access.redhat.com/security/cve/cve-2010-2160
https://access.redhat.com/security/cve/cve-2010-2161
https://access.redhat.com/security/cve/cve-2010-2162
https://access.redhat.com/security/cve/cve-2010-2163
https://access.redhat.com/security/cve/cve-2010-2164
https://access.redhat.com/security/cve/cve-2010-2165
https://access.redhat.com/security/cve/cve-2010-2166
https://access.redhat.com/security/cve/cve-2010-2167
https://access.redhat.com/security/cve/cve-2010-2169
https://access.redhat.com/security/cve/cve-2010-2170
https://access.redhat.com/security/cve/cve-2010-2171
https://access.redhat.com/security/cve/cve-2010-2173
https://access.redhat.com/security/cve/cve-2010-2174
https://access.redhat.com/security/cve/cve-2010-2175
https://access.redhat.com/security/cve/cve-2010-2176
https://access.redhat.com/security/cve/cve-2010-2177
https://access.redhat.com/security/cve/cve-2010-2178
https://access.redhat.com/security/cve/cve-2010-2179
https://access.redhat.com/security/cve/cve-2010-2180
https://access.redhat.com/security/cve/cve-2010-2181
https://access.redhat.com/security/cve/cve-2010-2182
https://access.redhat.com/security/cve/cve-2010-2183
https://access.redhat.com/security/cve/cve-2010-2184
https://access.redhat.com/security/cve/cve-2010-2185
https://access.redhat.com/security/cve/cve-2010-2186
https://access.redhat.com/security/cve/cve-2010-2187
https://access.redhat.com/security/cve/cve-2010-2188
https://www.adobe.com/support/security/advisories/apsa10-01.html
https://www.adobe.com/support/security/bulletins/apsb10-14.html
Plugin Details
Severity: High
ID: 63935
File Name: redhat-RHSA-2010-0464.nasl
Version: 1.43
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 1/24/2013
Updated: 6/8/2022
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment
Risk Information
VPR
Risk Factor: Critical
Score: 9.6
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2010-2188
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:flash-plugin, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:5.4
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/11/2010
Vulnerability Publication Date: 10/14/2008
CISA Known Exploited Vulnerability Due Dates: 6/22/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Adobe Flash Player "newfunction" Invalid Pointer Use)
ExploitHub (EH-11-164)
Reference Information
CVE: CVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188
BID: 31537, 40586, 40779, 40780, 40781, 40782, 40783, 40784, 40785, 40786, 40787, 40788, 40789, 40790, 40791, 40792, 40793, 40794, 40796, 40797, 40798, 40800, 40801, 40802, 40803, 40805, 40806, 40807, 40808, 40809